
IPSec Traffic uses wrong port

Hi,

The traffic is using the WAN interface instead of the IPsec tunnel.

On the other side it is fine.

We changed the firewall rules 2 weeks ago, but it won't work with the old ones either.

Regards

Daniel



  • We've had this issue, too.

    Strange here is that we faced it only after tunnel re-connects. Needed to add SNAT and IPsec routes manually on the CLI.

    You probably need these commands:

    system ipsec_route show

    system ipsec_route add net 10.1.2.0/255.255.255.0 tunnelname YourName_Tunnel

    show advanced-firewall

    set advanced-firewall sys-traffic-nat add destination 10.1.2.0 netmask 255.255.255.0 snatip 192.168.1.2 (this is your firewall's LAN interface; it needs to be part of the IPsec tunnel networks)

  • I just needed this rule: system ipsec_route add net 10.1.2.0/255.255.255.0 tunnelname YourName_Tunnel

    Resolved my issue.

    Regards

    Daniel

  • Good to hear it's solved. You need the SNAT if the XG itself needs to access hosts on the other side of the IPsec tunnel, for example Active Directory servers, DNS servers to forward to, etc.
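The two console commands from the replies above carry a consistency requirement that is easy to get wrong: the ipsec_route destination must be a network the tunnel actually carries, and the snatip must belong to a local network inside the tunnel's selectors. The following Python is an added pre-check and command builder, not code from the thread or from Sophos; the tunnel networks, tunnel name and SNAT address are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from the thread): the local and remote
# networks configured on the IPsec connection, as seen from this firewall.
TUNNEL_LOCAL_NETS = ["192.168.1.0/24"]
TUNNEL_REMOTE_NETS = ["10.1.2.0/24"]


def snat_ip_is_in_tunnel(snat_ip, local_nets):
    """True if the SNAT address lies inside one of the tunnel's local networks.

    Traffic sourced from an address outside the selectors will not match the
    IPsec policy and falls back to the WAN interface, which is the symptom
    described in the thread.
    """
    ip = ipaddress.ip_address(snat_ip)
    return any(ip in ipaddress.ip_network(n) for n in local_nets)


def check_params(dest_net, snat_ip, local_nets, remote_nets):
    """Return a list of problems (empty list means the parameters are consistent)."""
    problems = []
    net = ipaddress.ip_network(dest_net, strict=True)
    if not any(net.subnet_of(ipaddress.ip_network(r)) for r in remote_nets):
        problems.append(f"{dest_net} is not covered by the tunnel's remote networks")
    if not snat_ip_is_in_tunnel(snat_ip, local_nets):
        problems.append(f"SNAT IP {snat_ip} is not part of the tunnel's local networks")
    return problems


def build_cli(dest_net, tunnel_name, snat_ip, local_nets, remote_nets):
    """Build the two XG console commands in the dotted-netmask form the CLI expects."""
    problems = check_params(dest_net, snat_ip, local_nets, remote_nets)
    if problems:
        raise ValueError("; ".join(problems))
    net = ipaddress.ip_network(dest_net, strict=True)
    return [
        f"system ipsec_route add net {net.network_address}/{net.netmask} "
        f"tunnelname {tunnel_name}",
        f"set advanced-firewall sys-traffic-nat add destination {net.network_address} "
        f"netmask {net.netmask} snatip {snat_ip}",
    ]


if __name__ == "__main__":
    for line in build_cli("10.1.2.0/24", "YourName_Tunnel", "192.168.1.2",
                          TUNNEL_LOCAL_NETS, TUNNEL_REMOTE_NETS):
        print(line)
```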